[Samba] Authentication problems using libsmbclient API and DFS shares

Fri Apr 6 13:19:12 GMT 2007

You should really re-post this to samba-technical at samba.org, there you
will have some more devs looking at it.

Simo.

On Fri, 2007-04-06 at 04:32 -0600, rbrowne at estreet.com wrote:
> 
> Hi,
>  
>  I'm trying to create a map of DFS links to actual
> server/share's.  I know that you can get this information by logging
> on to the DFS root server, but I'm trying to use the libsmbclient API to
> get this information.
>  
>  I have created a fairly simple DFS
> structure on 2003 servers with everything on the same domain.
>  
> 
> //MyDomain/DFSRoot
>  	/Link1	-> //Fileserv-1/FileShare1
> 
> 	/Link2	-> //Fileserv-2/FileShare2
>  
>  On the command line I
> can traverse the DFS tree without any problems, so using smbclient I can
> perform the following steps:
>  
>  # smbclient //10.4.1.107/DFSRoot
> -A ./credfile 
>  Domain=[ENG-DEV] OS=[Windows Server 2003 3790]
> Server=[Windows Server 2003 5.2]
>  smb: \> ls
>   
> .          
> D        0  Thu Mar 29 12:52:3
> 2007
>    ..         
> D        0  Thu Mar 29 12:52:35
> 2007
>    Link1      
> D        0  Thu Mar 29 12:46:43
> 2007
>    Link2      
> D        0  Thu Mar 29 12:52:35
> 2007
>  
> 
>                
> 65389 blocks of size 65536. 36670 blocks available
>  smb: \>
> showconnect
>  //Fileserv-1/DFSRoot
>  
>  smb: \> cd Link1
>  smb: \Link1\> ls
>   
> .          
> D        0  Thu Mar 29 12:43:19
> 2007
>    ..         
> D        0  Thu Mar 29 12:43:19
> 2007
>    
>    List.xls   
> A    25088  Sat Jan  7 23:03:18 2006
>   .
>   .
>   .
>  
>   
>  smb: \Link1\> showconnect
> 
> //Fileserv-1/FileShare1
>  
>  smb: \Link1\> cd ../Link2
> 
> smb: \Link2\> ls
>   
> .          
> D        0  Thu Mar 29 12:40:14
> 2007
>    ..         
> D        0  Thu Mar 29 12:40:14
> 2007
>   
> abs-guide.pdf                
> A  2069818  Thu Mar 29 12:39:04 2007
>  .
>  .
>  .
>   
> sag.pdf                      
> A   869300  Thu Mar 29 12:40:14 2007
>  
> 
>                
> 65389 blocks of size 65536. 36659 blocks available
>  smb: \Link2\>
> showconnect
>  //Fileserv-2/FileShare2
>  smb: \Link2\> 
> 
> 
>  
>  However, problems ensue when I try to connect using the
> smbc_open and smbc_opendir functions.  Tracing execution under gdb I
> see that my authentication callback function is being called every time I
> use the smbc_opendir function (that's good).  I can authenticate
> without any problems to the DFS root, but the problem occurs when Samba
> tries to traverse the DFS tree.  In this case the original
> server/share (i.e. of the DFS root) is not the server/share of the DFS
> link.  When the code follows the path of the link, all the original
> authentication information is lost.  My username, password, and
> workgroup are all changed to my Unix username and the workgroup that I've
> defined in smb.conf.  I'm prompted for a password from the do_connect
> function and authentication to the server/share fails.
>  
>  One
> difference between the two scenarios is that in the first case the
> cli_cm_set_credentials function is being called in the second case it's
> not.  I'm not sure, but should the authentication callback function
> be used when resolving a DFS path?  I'm still looking into where the
> defaults are set and if it's possible to get authentication info that's
> not statically defined.
>  
>  I also saw that I can define the
> /etc/samba/smbusers to map a Unix user name to a Windows login and tried
> this, but my default username is still the Unix one.  I also
> uncommented the username map line in smb.conf.
>  
>  Thanks for
> looking at this...
>  
>  Regards,
>  
>  Rich &#65533;
-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org